A
key ceremony is a formal, audited procedure for generating and backing up a CA's root private key — conducted with multiple witnesses, physical security, and documented procedure.
Root CA key ceremonies require multiple trusted participants (no single person has full key knowledge), HSM use, physical security, and formal documentation. Often required by compliance (WebTrust, ETSI) for public CAs.